This Week in Technology

The campaign consists of phishing emails that come with an attached ZIP file using a .doc.vbs extension. Upon execution, the VBS script extracts information about the target machine’s operating system and attempts to check for strings associated with well-known antivirus software. It then uses the BITSAdmin tool to run a malware loader.

Ivanti Brings Together Leading Patch Management and Application Control Solutions with Release of Ivanti Security Controls

Ivanti has announced Ivanti Security Controls. Offering comprehensive patch management for operating systems and third-party applications on physical and virtual servers and desktops, the new solution also enables dynamic whitelisting and granular privilege management from a single management console.

Users see a message box that says it’s an “Update Center” for your browser type (in my case it’s Firefox, but they also have such messages for Chrome, Internet Explorer and Edge browsers). The message reads: “A critical error has occurred due to the outdated version of the browser. Update your browser as soon as possible.” To support the “critical error” claim, the malware shows some garbled text on the background.

Your security perimeter is no longer your firewall. In today’s hybrid, multi-cloud environment, it’s the internet. With Citrix Endpoint Management, a unified endpoint management solution, you can enable a new approach to security that allows you to secure an expanded attack area and address the full spectrum of security concerns — from data loss and availability to identity.

The tactic allows code to appear as a single instance of malware—for example, names, encryption keys or signatures—"so it can be delivered to a large number of people while still evading detection,” the vendor said. Hence, polymorphic malware and applications present different identifiers, defeating pattern-matching security tools that can no longer detect variations.

The health system said in a recent financial filing that the exposed data may include names, addresses, birthdays, Social Security numbers and health insurance information. Rush said that to its knowledge none of the data had been misused and didn't include medical information.

The 'use-after-free' vulnerability is a memory corruption flaw that carries the risk of escalated privileges on a machine where a threat actor has modified data in memory through exploiting it. That's why Google has issued the urgent update warning, as the potential is there for exploits to be crafted that could enable an attacker to remotely run arbitrary code (a remote code execution attack) whilst escaping the browser's built-in sandbox protection.

Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’

The National Security Agency released a previously classified reverse-engineering app for free—and so far people in the information security community love it. Rob Joyce, the NSA’s senior cybersecurity adviser, presented Ghidra, a tool to decompile, reverse engineer, and analyze malware, at the RSA conference in San Francisco on Tuesday evening.

The company says that the POAP feature on Nexus devices will accept the first DHCP response it receives. An attacker present on the local network can send malformed DHCP responses to Nexus switches to hijack their POAP settings and trick switches into downloading and executing configuration scripts from an attacker's servers.

Phishing alert: One in 61 emails in your inbox now contains a malicious link

The purpose of the malicious URL could be to deploy malware onto the PC or it could encourage the victim to enter sensitive information into a fake version of a real service — like a retailer, a bank or an email provider — in order to trick the user into giving up passwords and other data.

Citrix Systems enhanced its SD-WAN in order to increase automation and security. This includes new security features that enable companies to extend user-centric policies to the branch and connect employees to cloud applications and software-as-a-service (SaaS) platforms.

Ransomware warning: the gang behind this virulent malware just changed tactics again

But now researchers have observed adverts for GandCrab being posted on underground forums, specifically targeted at crooks with skills around operating remote desktop protocols, virtual network computing and experience of infiltrating corporate networks. "Spammers, working with landing pages and corporate networking specialists — do not miss your ticket to a better life. We are waiting for you," reads a translation of the advert.